We are a group consisting of students and
faculty at SITE,
University Of
Ottawa collaborating with IBM for research related to
software security. Our current main focus includes research on
the latest security attacks/vulnerabilities as well as their
implications with regard to rich internet applications.

We are particularly interested in the challenges associated with
automatic crawling rich internet applications, and have developped a
promising new technique called "Model-Based Crawling".

The security of applications and automatic security testing is an
important, ongoing, and growing concern. Among the applications needing
security, Web-based applications are at the forefront: being on the
Internet, they are intrinsically exposed to attacks. Easily produced and
rapidly changing, web-based applications are often found at the low end of
software engineering standards. So-called "Rich Internet Applications"
(RIAs), which execute important parts of the application logic in the
browser on the user's side, just make the matter worse by providing new
attack vectors and creating much more complex architectures. In addition
to security, application developers are also interested in testing the
accessibility of their application and in content indexing.
To automate the testing of RIAs we are working on two projects:

1. Model Based Crawling:
Building models is important not only for indexing content, but also
for automated testing, automated security and accessibility assessments,
and in general for using software
engineering tools. Our objective is to efficiently construct
models for RIAs. The focus of this project is on discovering most states as early as
possible during the crawl.

2. Distributed RIA Crawling:
One can reduce the time it takes to crawl a RIA by executing the crawl in
parallel on multiple computational units. The objective of this ongoing
project is to create distributed architectures, protocols, and load
balancing algorithms that harness the computational
power available on multiple computers and thus reduce the time required to crawl a RIA.

We are often looking for prospective graduate students who are
interested in working on topics related to software security and
application modeling. Please see our
current openings